KinHealth

Privacy policy

How we handle your data.

Short version: your family's health documents are yours. We store them on servers in India, we don't sell them to anyone, and we don't train AI on them. Here are the details.

Last updated · April 2026

1. Who we are

Kin Health ("we", "us") is the operator of the Kin Health app and website. For privacy-related queries we act as the data fiduciary as defined under the Digital Personal Data Protection Act, 2023 ("DPDP Act").

2. What we collect

  • Account data. Your email address, and optional profile name and city.
  • Health documents you upload. Prescriptions, lab reports, and any text or images you attach to a profile.
  • Derived data. The structured extractions produced from your documents (medication names, dosages, lab values), the plain-language explanations we generate, and the reminders you set.
  • Family profiles. If you create a profile for a family member, the information you add about them — including any consent records.
  • Operational logs. Standard server logs (IP, user agent, request timestamps), retained for a maximum of 30 days and used only for security and debugging.

3. What we do not collect

  • We do not track you across other websites. There is no advertising SDK in our app.
  • We do not sell, rent, or share your data with pharmaceutical companies, insurers, hospitals, or any other third party for marketing purposes.

4. Where we store it

Your account and document data is stored on servers located within India, operated by tier-1 cloud providers under industry-standard encryption (TLS in transit, AES-256 at rest). Backup copies remain in India.

5. How we use AI

We use large language models to produce plain-language explanations. We use enterprise-tier endpoints that are contractually bound to not retain your data after processing and not train any models on it. We never send your raw document to a model endpoint that does not have these guarantees.

6. Your rights under the DPDP Act

  • Access. Download everything we hold about you, in a machine-readable format, any time.
  • Correction. Fix anything that is wrong.
  • Erasure. Delete everything. Deletion is immediate and permanent; we keep only a hashed record that your account existed, for fraud prevention.
  • Grievance. Raise a concern with our grievance officer (contact below) and receive a response within 15 days.

7. Family profiles and consent

When you add a family member, you confirm that you have their consent — or, if they are a minor or dependent adult, that you have lawful authority to manage their health records. We will soon support a verified-consent flow where the person themselves confirms via SMS.

8. Security incidents

If we ever experience a personal data breach affecting you, we will notify you and the Data Protection Board within the timelines required by the DPDP Act. We will explain what happened, what data was affected, and what we are doing about it.

9. Contact

Grievance officer: privacy@kinhealth.app. General queries: hello@kinhealth.app.